Note: A cumulative list of all new and existing features supported in this release, including platform and software image support, can be found in Cisco Feature Navigator at http://www.cisco.com/go/cfn.

New Hardware Features Supported in Cisco IOS Release 15.1(2)T4

There are no new hardware features in Cisco IOS Release 15.1(2)T4.

New Software Features Supported in Cisco IOS Release 15.1(2)T4

This section describes new and changed features in Cisco IOS Release 15.1(2)T4. Some features may be new to Cisco IOS Release 15.1(2)T4 but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.1(2)T4. To determine if a feature is new or changed, see the feature information table at the end of the feature module for that feature. Links to feature modules are included. If a feature does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided.

Right To Use Licensing Support in CLIs and MIBs for Cisco ISR G2 Platforms

For detailed information about this feature, see the following document:

New Hardware Features Supported in Cisco IOS Release 15.1(2)T2

There are no new hardware features in Cisco IOS Release 15.1(2)T2.

New Software Features Supported in Cisco IOS Release 15.1(2)T2

This section describes new and changed features in Cisco IOS Release 15.1(2)T2. Some features may be new to Cisco IOS Release 15.1(2)T2 but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.1(2)T2. To determine if a feature is new or changed, see the feature information table at the end of the feature module for that feature. Links to feature modules are included. If a feature does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided.

WAAS Express

This feature introduces WAN optimization technology as a software offering on Cisco IOS based platforms. This technology will interoperate with WAN optimization head-end appliances from Cisco.

For detailed information about this feature, see the following document:

New Hardware Features Supported in Cisco IOS Release 15.1(2)T

This section describes new and changed features in Cisco IOS Release 15.1(2)T. Some features may be new to Cisco IOS Release 15.1(2)T but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.1(2)T. To determine if a feature is new or changed, see the feature information table at the end of the feature module for that feature. Links to feature modules are included. If a feature does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided.

1-Port and 2-Port VWIC3s—Voice WAN Interface Cards

For detailed information about this feature, see the following document:

New Software Features Supported in Cisco IOS Release 15.1(2)T

This section describes new and changed features in Cisco IOS Release 15.1(2)T. Some features may be new to Cisco IOS Release 15.1(2)T but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.1(2)T. To determine if a feature is new or changed, see the feature information table at the end of the feature module for that feature. Links to feature modules are included. If a feature does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided.

Additional PDL Support for NBAR

For detailed information about this feature, see the following document:

Important Notes

Cisco IOS Behavior Changes

Behavior changes describe the minor modifications to the way a device works that are sometimes introduced in a new software release. These changes typically occur during the course of resolving a software defect and are therefore not significant enough to warrant the creation of a stand-alone document. When behavior changes are introduced, existing documentation is updated with the changes described in this section.

Cisco IOS Release 15.1(2)T5

The following behavior changes are introduced in Cisco IOS Release 15.1(2)T5:

BGP scan time range is changed.

Old Behavior: The bgp scan-time command has a scanner-interval range of 15-60 seconds. The bgp scan-time command cannot be configured (it remains at the default value of 60 seconds) if BGP Next Hop Tracking (NHT) is configured (by the bgp nexthop command).

New Behavior: The bgp scan-time command has a scanner-interval range of 5-60 seconds. The bgp scan-time command can be configured, even if BGP Next Hop Tracking (NHT) is configured (by the bgp nexthop command).

Change in BGP next-hop for redistributed recursive static routes.

Old Behavior: A router advertising a locally originated route (from a static route with recursive next-hop) advertises the next hop to be itself. The local next-hop (equal to next-hop-self) is kept.

New Behavior: A router advertising a locally originated route (from a static route with recursive next-hop) advertises the next-hop to be the recursive next-hop of the static route.

Cisco IOS Release 15.1(2)T4

The following behavior changes are introduced in Cisco IOS Release 15.1(2)T4:

BGP no longer activates IPv6 peers in the IPv4 address family automatically.

Old Behavior: By default, both IPv6 and IPv4 capability is exchanged with a BGP peer that has an IPv6 address. When an IPv6 peer is configured, that neighbor is automatically activated under the IPv4 unicast address family.

New Behavior: Starting with new peers being configured, an IPv6 neighbor is no longer automatically activated under the IPv4 address family. You can manually activate the IPv6 neighbor under the IPv4 address family if you want. If you do not want an existing IPv6 peer activated under the IPv4 address family, you can manually deactivate the peer with the no neighbor ipv6-address activate command. Until then, existing configurations that activate an IPv6 neighbor under the IPv4 unicast address family will continue to try to establish a session.

Old Behavior: When the neighbor prefix-length-size command is configured in the L2VPN VPLS address family, if that neighbor has a peer policy or route map that is removed, the neighbor prefix-length-size command setting is also removed.

New Behavior: When the neighbor prefix-length-size command is configured in the L2VPN VPLS address family, the value of that command overrides the value set for the peer-group. If the command is locally configured for the peer, it will not be inherited from the peer-group.

A change has been made in the show bgp ipv4 unicast summary command.

Old Behavior: The show bgp ipv4 unicast summary command displays an incorrect number of dynamically created neighbors per address family if a peer-group has been removed from the configuration.

New Behavior: The show bgp ipv4 unicast summary command displays the correct number of dynamically created neighbors, even if a peer-group has been removed. The output displays the number of dynamically created neighbors per address family, and at the end of output, displays the total number of dynamically created neighbors on the router.

The ntp panic update command is introduced.

Old Behavior: There is no command to configure Network Time Protocol (NTP) to reject time updates greater than the panic threshold of 1000 seconds.

New Behavior: A new command, ntp panic update, is introduced to configure NTP to reject time updates greater than the panic threshold of 1000 seconds. If the ntp panic update command is configured and the received time updates are greater than the panic threshold of 1000 seconds, the time update is ignored and the following console message is displayed:

BGP address families no longer stuck in NoNeg or idle state after reload

Old Behavior: After a reload of a router, some or all of the BGP address families do not come up. This is because the router is receiving messages from a neighbor that the AFI or SAFI is not supported, and the router does not retry those AFIs. The output of show ip bgp all summary shows the address family in NoNeg or idle state, and it will never leave that state. Typical output looks like:

New Behavior: When the router receives a message that the AFI or SAFI is not supported, the router does not simply drop the rejected AFIs or SAFIs from subsequent OPEN messages. Instead, the router retries the AFI/SAFI within the existing OPEN message retry timing sequence, but with an exponential backoff (stopping at 10 minutes) applied to decisions about whether to include a particular AFI/SAFI in an OPEN message. The timing of OPEN messages is not changed. Successful negotiation of the AFI results in a reset of the backoff sequence for future attempts. Also, when a BGP connection collision occurs with a session in the ESTABLISHED state, BGP sends a CEASE notification on the newly opened connection, and a keepalive message on the old connection. The new connection is closed. If the old session was stale, the keepalive causes it to be closed. The neighbor will retry its OPEN message after receiving the CEASE message and waiting a few seconds.

New BGP Error Message

Old Behavior: No error message is generated when BGP neighbors are configured with both an IPv6 address and MPLS send labels (via the neighbor send-label command or via a template). Sending MPLS labels to IPv6 peers is not supported.

New Behavior: An error message is generated when BGP neighbors are configured with both an IPv6 address and MPLS send labels. An example of the error message is “%BGP-4-BGP_LABELS_NOT_SUPPORTED: BGP neighbor 2001:DB8:1::2 does not support sending labels.”

The summary address is not advertised to the peer.

Old Behavior: The summary address is advertised to the peer if the administrative distance is configured as 255.

New Behavior: The summary address is not advertised to the peer if the administrative distance is configured as 255.

Two new keywords, protocol and pbr, are added to the mode route command.

Old Behavior: Destination-only traffic classes cannot be controlled when more than one protocol is operating at the border routers.

New Behavior: Destination-only traffic classes can be controlled when more than one protocol is operating at the border routers using dynamic PBR.

On Cisco 860, 880, 890, 2900, and 3900 series ISRs, the default behavior changes when the interface is not connected to an active port:

Old Behavior: GigabitEthernet0/3/0 is up, line protocol is down.

New Behavior: GigabitEthernet0/3/0 is down, line protocol is down.

The line coding and loss of sync information is changed in the output for the show controller shdsl command.

Old Behavior: The output for the show controller shdsl command for the HWIC-4SHDSL-E shows the line coding as AUTO-TCPAM when Annex F and G are selected, and loss of sync as LOSWAS.

New Behavior: The output for the show controller shdsl command for the HWIC-4SHDSL-E shows the line coding as 16-TCPAM or 32-TCPAM depending on which TCPAM is used to train lines when Annex F and G are selected, and loss of sync as LOSW.

Cisco IOS Release 15.1(2)T2

Old Behavior: The following commands display flap-statistics, dampened-paths, and dampening parameters of VRFs under the VPNv4 or VPNv6 address family identifier:

– show ip bgp all dampening

– show ip bgp vpnv4 all dampening

– show ip bgp vpnv6 unicast all dampening

New Behavior: Because VRFs can have dampening enabled independently of other VRFs and the global VPNv4 and VPNv6 topologies, the following commands display flap-statistics, dampened-paths, and dampening parameters of individual VRFs under that VRF name:

– show ip bgp all dampening

– show ip bgp vpnv4 all dampening

– show ip bgp vpnv6 unicast all dampening

If dampening is not enabled for a VRF, that is stated under the VRF name.

A new command is introduced to configure polarity detection for 10-Mbps full-duplex links.

Old Behavior: By default, polarity detection is enabled for 10-Mbps full-duplex links on Integrated Services Router Generation 2 (ISR G2) platforms. With connection to some network equipment over a 10-Mbps full-duplex link, the polarity detection feature can cause cyclic redundancy check (CRC) errors. There is no CLI command to disable this feature.

New Behavior: By default, the polarity detection feature is disabled for 10-Mbps full-duplex links on ISR G2 platforms. Use the rj45-auto-detect-polarity { enable | disable } command to enable or disable polarity detection.

The default state for the Cisco Gigabit EtherSwitch EHWIC when the interface is not connected to an active port is changed.

Old Behavior: GigabitEthernet0/3/0 is up, line protocol is down.

New Behavior: GigabitEthernet0/3/0 is down, line protocol is down.

Right to Use license is added for ISR G2 platforms.

Old Behavior: The Right to Use license is not available for technology packages and all features on Cisco ISR G2 platforms.

New Behavior: The Right to Use license is available for technology packages and all features on Cisco ISR G2 platforms, except for the HSEC feature. Use the license accept end user agreement command in global configuration mode to configure a one-time acceptance of the Cisco End User License Agreement (EULA) for all Cisco IOS software packages and features.

Important Notes for Cisco IOS Release 15.1(2)T

The following information applies to all releases of Cisco IOS Release 15.1(2)T:

Images Deferred Because of Caveat CSCti18193

In Cisco IOS Release 15.1(2)T, images for all platforms have been deferred because of a severe defect. This defect has been assigned Cisco caveat ID CSCti18193. With caveat CSCti18193, Cisco IOS Release 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase.

The software solution for these deferred images is Cisco IOS Release 15.1(2)T0a.

Note: Failure to upgrade the affected Cisco IOS images may result in network downtime.

The terms and conditions that governed your rights and obligations and those of Cisco with respect to the deferred images will apply to the replacement images.

Toll Fraud Prevention

Source IP address authentication is enabled on incoming IPv4 H323 or SIP trunk calls. The source IP address of any incoming IPv4 H323 or SIP trunk call will be authenticated based on:

– Manually configured IP address trusted list.

– VoIP dial-peer session target (the state of a VoIP dial-peer must be in “Operation State = UP”)

If authentication fails, the incoming IPv4 H323 or SIP trunk call is rejected, and the call is disconnected with the default cause code call-reject (21).

Execute the show ip address trusted list command to display IP address trusted data and a list of valid source IP addresses. The default behavior can be disabled as shown in the example below:

voice service voip
 no ip address trusted authenticate

Secondary dial-tone is disabled for a call initiated from an FXO port. No secondary dial-tone causes the outgoing call setup to fail if the called number is NULL. The default behavior can be disabled as shown below:

voice-port <fxo-port>
 secondary dialtone
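
Added example (not part of the Cisco release notes): a Python check that scans a saved running-config for the two toll-fraud defaults described above having been turned off. It matches only the commands quoted on this page; the sample configuration, the port numbers and the function name audit_toll_fraud are constructed for illustration, and every voice-port carrying the command is reported because the script cannot tell whether a port is FXO.

```python
# Added example: flag toll-fraud defaults that a running-config has disabled.
# Only the commands quoted in these release notes are matched.

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
! constructed sample
voice service voip
 no ip address trusted authenticate
!
voice-port 0/1/0
 secondary dialtone
!
voice-port 0/1/1
 description PSTN line
!
"""


def audit_toll_fraud(config_text):
    """Return (section, command, meaning) for each disabled default found."""
    findings = []
    section = None  # current top-level configuration section, if any
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped.startswith("!"):
            # A top-level "!" closes the current section.
            if not raw[0].isspace():
                section = None
            continue
        cmd = " ".join(stripped.split())  # normalise internal whitespace
        if not raw[0].isspace():
            section = cmd  # unindented line opens a new section
            continue
        if section == "voice service voip" and cmd == "no ip address trusted authenticate":
            findings.append((section, cmd,
                             "source IP authentication of H323/SIP trunk calls is disabled"))
        elif section and section.startswith("voice-port ") and cmd == "secondary dialtone":
            findings.append((section, cmd,
                             "secondary dial tone is re-enabled on this port"))
    return findings


if __name__ == "__main__":
    for section, cmd, meaning in audit_toll_fraud(SAMPLE_CONFIG):
        print(f"{section}: '{cmd}' -> {meaning}")
```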

Direct-inward-dial is enabled to prevent toll fraud for incoming ISDN calls. Two-stage dialing is disabled for incoming ISDN calls by default. The incoming called number will then be used for outgoing call setup. The default behavior can be disabled as shown in the example below: